redline | 59786cf4ed9f5abd0a5b8fa810764e66f6f958f95452a9908f582a37fe1a4ff3 | Triage

Submit
Reports

Overview

overview

Static

static

cb37b2c03c...93.exe

windows7_x64

cb37b2c03c...93.exe

windows10-2004_x64

Sharing

General

Target

cb37b2c03cca2f4ae68d7e2b7f8e8493.exe
Size

178KB
Sample

220321-tb9w3sdgek
MD5

cb37b2c03cca2f4ae68d7e2b7f8e8493
SHA1

ca21f84498ddf02eef6ebbbb6f9c7f1f64d97cc2
SHA256

59786cf4ed9f5abd0a5b8fa810764e66f6f958f95452a9908f582a37fe1a4ff3
SHA512

9601bb4dba108a963edc802569928e7c519f7bb22985b328577ea85eea5a31b423deb55344a1863302624c2649c0c79006a0f41e107407f802aa27beaa26942b

Score

10^/10

redline 2 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cb37b2c03cca2f4ae68d7e2b7f8e8493.exe

Resource

win7-20220311-en

redline 2 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cb37b2c03cca2f4ae68d7e2b7f8e8493.exe

Resource

win10v2004-en-20220113

redline 2 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

2

C2

45.72.110.144:8890

Attributes

auth_value
666a53b9a643121a4307a6a283389db6

Targets

- Target
  
  cb37b2c03cca2f4ae68d7e2b7f8e8493.exe
- Size
  
  178KB
- MD5
  
  cb37b2c03cca2f4ae68d7e2b7f8e8493
- SHA1
  
  ca21f84498ddf02eef6ebbbb6f9c7f1f64d97cc2
- SHA256
  
  59786cf4ed9f5abd0a5b8fa810764e66f6f958f95452a9908f582a37fe1a4ff3
- SHA512
  
  9601bb4dba108a963edc802569928e7c519f7bb22985b328577ea85eea5a31b423deb55344a1863302624c2649c0c79006a0f41e107407f802aa27beaa26942b
Score

10^/10

redline 2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2discoveryinfostealerspywarestealer

behavioral2

redline2discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy